ForAllValues:BinaryEquals
Warning:
As far as we know ForAllValues:
BinaryEquals
can never be used because there are no
context keys available that are an array of base64-encoded string representations. This is here as an example of
how it could work, but if you see this in the wild, it's probably a mistake.
It's totally possible this is a mistake on our part, if you think we got this wrong please send an email to wroooong
at cloudcopilot.io
and we'll get it fixed up.
ForAllValues: BinaryEquals
ForAllValues:
BinaryEquals
compares a list of binary values in a request to a list of base64-encoded string representations in your policy. There are no known binary context keys, but this is put here for completeness.
To match a request, the context key can be absent, but if it is present, all of the binary values in the request must match at least one of the base64-encoded string representations in your policy.
You can NOT use policy variables in the value of this operator.
ForAllValues: BinaryEquals in an Allow Statement
Click into any of these polices and change them test how they change the result.
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: null |
Then the result is: |
Allowed Assuming no explicit Deny elsewhere |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Not Allowed Statement does not apply |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Not Allowed Statement does not apply |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Allowed Assuming no explicit Deny elsewhere |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Allowed Assuming no explicit Deny elsewhere |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Not Allowed Statement does not apply |
ForAllValues: BinaryEquals in a Deny Statement
Click into any of these polices and change them test how they change the result.
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: null |
Then the result is: |
Denied |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Not Denied May be allowed by another statement |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Not Denied May be allowed by another statement |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Denied |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Denied |
Given the Policy Condition: |
"ForAllValues:BinaryEquals": { "aws:BinaryKey": [ "YmFzZUBjbG91ZGNvcGlsb3QuaW8=", "NjRAY2xvdWRjb3BpbG90Lmlv" ] } |
When the Request Context has: |
aws:BinaryKey: |
Then the result is: |
Not Denied May be allowed by another statement |